Here are two ways to do this, the first provides easy to read output and will print names of applications and processes that are connecting to the outside world:

lsof -nPi | cut -f 1 -d " "| uniq | tail -n +2

Running this command will give you something like:

SystemUISDropboxiChatAgenFinderiTunesGooglessh

Obviously these are just the application names and there isn’t much more data here, but if you’re just trying to track down a rogue bandwidth hogging app it’s sometimes adequate.

If you want more detailed information, we can revise the above command so that we get more raw data out of lsof by removing the pipes to other command line utilities, leaving us with unrefined details directly from lsof. You’ll also notice I cut out the -n flag because I want to see the host names this time around:

lsof -Pi

This will provide much more data, including the app name, PID, protocol, IP address, hostname, and the current status of the connection. All very helpful data.

If that is information overload, try piping the command through ‘more’ so it is easier to read in chunks, or use grep to sort data for a specific app or process, like so: